package org.bouncycastle.jcajce.provider.keystore.pkcs12;

import java.io.BufferedInputStream;
import java.io.ByteArrayInputStream;
import java.io.EOFException;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.KeyStoreSpi;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.Map;
import java.util.Set;
import java.util.Vector;
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;
import org.bouncycastle.asn1.ASN1BMPString;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1Encoding;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1Set;
import org.bouncycastle.asn1.BEROctetString;
import org.bouncycastle.asn1.BERSequence;
import org.bouncycastle.asn1.DERBMPString;
import org.bouncycastle.asn1.DERNull;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.DERSet;
import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
import org.bouncycastle.asn1.cryptopro.GOST28147Parameters;
import org.bouncycastle.asn1.misc.MiscObjectIdentifiers;
import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
import org.bouncycastle.asn1.ntt.NTTObjectIdentifiers;
import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.AuthenticatedSafe;
import org.bouncycastle.asn1.pkcs.CertBag;
import org.bouncycastle.asn1.pkcs.ContentInfo;
import org.bouncycastle.asn1.pkcs.EncryptedData;
import org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo;
import org.bouncycastle.asn1.pkcs.MacData;
import org.bouncycastle.asn1.pkcs.PBES2Parameters;
import org.bouncycastle.asn1.pkcs.PBKDF2Params;
import org.bouncycastle.asn1.pkcs.PKCS12PBEParams;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.Pfx;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.asn1.pkcs.SafeBag;
import org.bouncycastle.asn1.util.ASN1Dump;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier;
import org.bouncycastle.asn1.x509.DigestInfo;
import org.bouncycastle.asn1.x509.ExtendedKeyUsage;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.Extensions;
import org.bouncycastle.asn1.x509.KeyPurposeId;
import org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.asn1.x509.TBSCertificate;
import org.bouncycastle.asn1.x509.X509ObjectIdentifiers;
import org.bouncycastle.crypto.CryptoServicesRegistrar;
import org.bouncycastle.crypto.Digest;
import org.bouncycastle.crypto.util.DigestFactory;
import org.bouncycastle.jcajce.BCLoadStoreParameter;
import org.bouncycastle.jcajce.PKCS12Key;
import org.bouncycastle.jcajce.PKCS12StoreParameter;
import org.bouncycastle.jcajce.provider.keystore.util.AdaptingKeyStoreSpi;
import org.bouncycastle.jcajce.provider.keystore.util.ParameterUtil;
import org.bouncycastle.jcajce.spec.GOST28147ParameterSpec;
import org.bouncycastle.jcajce.spec.PBKDF2KeySpec;
import org.bouncycastle.jcajce.util.BCJcaJceHelper;
import org.bouncycastle.jcajce.util.DefaultJcaJceHelper;
import org.bouncycastle.jcajce.util.JcaJceHelper;
import org.bouncycastle.jce.interfaces.BCKeyStore;
import org.bouncycastle.jce.interfaces.PKCS12BagAttributeCarrier;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jce.provider.JDKPKCS12StoreParameter;
import org.bouncycastle.util.Arrays;
import org.bouncycastle.util.Integers;
import org.bouncycastle.util.Properties;
import org.bouncycastle.util.Strings;
import org.bouncycastle.util.encoders.Hex;

/* loaded from: input_file:org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.class */
public class PKCS12KeyStoreSpi extends KeyStoreSpi implements PKCSObjectIdentifiers, X509ObjectIdentifiers, BCKeyStore {
    static final String l11k = "org.bouncycastle.pkcs12.max_it_count";
    private static final int l12n = 20;
    private static final int l12k = 51200;
    private static final DefaultSecretKeyProvider l12f = new DefaultSecretKeyProvider();
    static final int l11f = 0;
    static final int l12if = 1;
    static final int l12l = 2;
    static final int l12t = 3;
    static final int l12v = 4;
    static final int l12p = 0;
    static final int l12u = 1;
    static final int l12j = 2;
    private CertificateFactory l13u;
    private ASN1ObjectIdentifier l13j;
    private ASN1ObjectIdentifier l13h;
    private final JcaJceHelper l12y = new BCJcaJceHelper();
    private IgnoresCaseHashtable l13if = new IgnoresCaseHashtable();
    private IgnoresCaseHashtable l13l = new IgnoresCaseHashtable();
    private IgnoresCaseHashtable l13t = new IgnoresCaseHashtable();
    private Hashtable l13v = new Hashtable();
    private Hashtable l13p = new Hashtable();
    protected SecureRandom l12h = CryptoServicesRegistrar.lI();
    private AlgorithmIdentifier l13y = new AlgorithmIdentifier(OIWObjectIdentifiers.lh, DERNull.lf);
    private int l13n = 102400;
    private int l13k = 20;

    /* loaded from: input_file:org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi$BCPKCS12KeyStore.class */
    public static class BCPKCS12KeyStore extends AdaptingKeyStoreSpi {
        public BCPKCS12KeyStore() {
            super(new BCJcaJceHelper(), new PKCS12KeyStoreSpi(new BCJcaJceHelper(), PKCSObjectIdentifiers.l11u, PKCSObjectIdentifiers.l11y));
        }
    }

    /* loaded from: input_file:org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi$BCPKCS12KeyStore3DES.class */
    public static class BCPKCS12KeyStore3DES extends AdaptingKeyStoreSpi {
        public BCPKCS12KeyStore3DES() {
            super(new BCJcaJceHelper(), new PKCS12KeyStoreSpi(new BCJcaJceHelper(), PKCSObjectIdentifiers.l11u, PKCSObjectIdentifiers.l11u));
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi$CertId.class */
    public class CertId {
        byte[] lI;

        CertId(PublicKey publicKey) {
            this.lI = PKCS12KeyStoreSpi.this.lI(publicKey).lI();
        }

        CertId(byte[] bArr) {
            this.lI = bArr;
        }

        public int hashCode() {
            return Arrays.lI(this.lI);
        }

        public boolean equals(Object obj) {
            if (obj == this) {
                return true;
            }
            if (obj instanceof CertId) {
                return Arrays.lI(this.lI, ((CertId) obj).lI);
            }
            return false;
        }
    }

    /* loaded from: input_file:org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi$DefPKCS12KeyStore.class */
    public static class DefPKCS12KeyStore extends AdaptingKeyStoreSpi {
        public DefPKCS12KeyStore() {
            super(new DefaultJcaJceHelper(), new PKCS12KeyStoreSpi(new DefaultJcaJceHelper(), PKCSObjectIdentifiers.l11u, PKCSObjectIdentifiers.l11y));
        }
    }

    /* loaded from: input_file:org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi$DefPKCS12KeyStore3DES.class */
    public static class DefPKCS12KeyStore3DES extends AdaptingKeyStoreSpi {
        public DefPKCS12KeyStore3DES() {
            super(new DefaultJcaJceHelper(), new PKCS12KeyStoreSpi(new DefaultJcaJceHelper(), PKCSObjectIdentifiers.l11u, PKCSObjectIdentifiers.l11u));
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi$DefaultSecretKeyProvider.class */
    public static class DefaultSecretKeyProvider {
        private final Map lI;

        DefaultSecretKeyProvider() {
            HashMap hashMap = new HashMap();
            hashMap.put(new ASN1ObjectIdentifier("1.2.840.113533.7.66.10"), Integers.le(128));
            hashMap.put(PKCSObjectIdentifiers.l1u, Integers.le(192));
            hashMap.put(NISTObjectIdentifiers.l0f, Integers.le(128));
            hashMap.put(NISTObjectIdentifiers.l1y, Integers.le(192));
            hashMap.put(NISTObjectIdentifiers.l2u, Integers.le(256));
            hashMap.put(NTTObjectIdentifiers.lI, Integers.le(128));
            hashMap.put(NTTObjectIdentifiers.lf, Integers.le(192));
            hashMap.put(NTTObjectIdentifiers.lj, Integers.le(256));
            hashMap.put(CryptoProObjectIdentifiers.ld, Integers.le(256));
            this.lI = Collections.unmodifiableMap(hashMap);
        }

        public int lI(AlgorithmIdentifier algorithmIdentifier) {
            Integer num = (Integer) this.lI.get(algorithmIdentifier.lI());
            if (num != null) {
                return num.intValue();
            }
            return -1;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi$IgnoresCaseHashtable.class */
    public static class IgnoresCaseHashtable {
        private Hashtable lI;
        private Hashtable lf;

        private IgnoresCaseHashtable() {
            this.lI = new Hashtable();
            this.lf = new Hashtable();
        }

        public void lI(String str, Object obj) {
            String lj = str == null ? null : Strings.lj(str);
            String str2 = (String) this.lf.get(lj);
            if (str2 != null) {
                this.lI.remove(str2);
            }
            this.lf.put(lj, str);
            this.lI.put(str, obj);
        }

        public Enumeration lI() {
            return this.lI.keys();
        }

        public Object lI(String str) {
            String str2 = (String) this.lf.remove(str == null ? null : Strings.lj(str));
            if (str2 == null) {
                return null;
            }
            return this.lI.remove(str2);
        }

        public Object lf(String str) {
            String str2 = (String) this.lf.get(str == null ? null : Strings.lj(str));
            if (str2 == null) {
                return null;
            }
            return this.lI.get(str2);
        }

        public Enumeration lf() {
            return this.lI.elements();
        }

        public int lj() {
            return this.lI.size();
        }
    }

    public PKCS12KeyStoreSpi(JcaJceHelper jcaJceHelper, ASN1ObjectIdentifier aSN1ObjectIdentifier, ASN1ObjectIdentifier aSN1ObjectIdentifier2) {
        this.l13j = aSN1ObjectIdentifier;
        this.l13h = aSN1ObjectIdentifier2;
        try {
            this.l13u = jcaJceHelper.ly("X.509");
        } catch (Exception e) {
            throw new IllegalArgumentException("can't create cert factory - " + e.toString());
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public SubjectKeyIdentifier lI(PublicKey publicKey) {
        try {
            return new SubjectKeyIdentifier(lI(SubjectPublicKeyInfo.lI(publicKey.getEncoded())));
        } catch (Exception e) {
            throw new RuntimeException("error creating key");
        }
    }

    private static byte[] lI(SubjectPublicKeyInfo subjectPublicKeyInfo) {
        Digest lj = DigestFactory.lj();
        byte[] bArr = new byte[lj.lf()];
        byte[] le = subjectPublicKeyInfo.lb().le();
        lj.lI(le, 0, le.length);
        lj.lI(bArr, 0);
        return bArr;
    }

    @Override // org.bouncycastle.jce.interfaces.BCKeyStore
    public void lI(SecureRandom secureRandom) {
        this.l12h = secureRandom;
    }

    public boolean lI(InputStream inputStream) throws IOException {
        return false;
    }

    @Override // java.security.KeyStoreSpi
    public Enumeration engineAliases() {
        Hashtable hashtable = new Hashtable();
        Enumeration lI = this.l13t.lI();
        while (lI.hasMoreElements()) {
            hashtable.put(lI.nextElement(), "cert");
        }
        Enumeration lI2 = this.l13if.lI();
        while (lI2.hasMoreElements()) {
            String str = (String) lI2.nextElement();
            if (hashtable.get(str) == null) {
                hashtable.put(str, "key");
            }
        }
        return hashtable.keys();
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineContainsAlias(String str) {
        return (this.l13t.lf(str) == null && this.l13if.lf(str) == null) ? false : true;
    }

    @Override // java.security.KeyStoreSpi
    public void engineDeleteEntry(String str) throws KeyStoreException {
        String str2;
        Certificate certificate;
        Certificate certificate2 = (Certificate) this.l13t.lI(str);
        if (certificate2 != null) {
            this.l13v.remove(new CertId(certificate2.getPublicKey()));
        }
        if (((Key) this.l13if.lI(str)) == null || (str2 = (String) this.l13l.lI(str)) == null || (certificate = (Certificate) this.l13p.remove(str2)) == null) {
            return;
        }
        this.l13v.remove(new CertId(certificate.getPublicKey()));
    }

    @Override // java.security.KeyStoreSpi
    public Certificate engineGetCertificate(String str) {
        if (str == null) {
            throw new IllegalArgumentException("null alias passed to getCertificate.");
        }
        Certificate certificate = (Certificate) this.l13t.lf(str);
        if (certificate == null) {
            String str2 = (String) this.l13l.lf(str);
            certificate = str2 != null ? (Certificate) this.l13p.get(str2) : (Certificate) this.l13p.get(str);
        }
        return certificate;
    }

    @Override // java.security.KeyStoreSpi
    public String engineGetCertificateAlias(Certificate certificate) {
        Enumeration lf = this.l13t.lf();
        Enumeration lI = this.l13t.lI();
        while (lf.hasMoreElements()) {
            Certificate certificate2 = (Certificate) lf.nextElement();
            String str = (String) lI.nextElement();
            if (certificate2.equals(certificate)) {
                return str;
            }
        }
        Enumeration elements = this.l13p.elements();
        Enumeration keys = this.l13p.keys();
        while (elements.hasMoreElements()) {
            Certificate certificate3 = (Certificate) elements.nextElement();
            String str2 = (String) keys.nextElement();
            if (certificate3.equals(certificate)) {
                return str2;
            }
        }
        return null;
    }

    @Override // java.security.KeyStoreSpi
    public Certificate[] engineGetCertificateChain(String str) {
        byte[] lI;
        if (str == null) {
            throw new IllegalArgumentException("null alias passed to getCertificateChain.");
        }
        if (!engineIsKeyEntry(str)) {
            return null;
        }
        Certificate engineGetCertificate = engineGetCertificate(str);
        if (engineGetCertificate == null) {
            return null;
        }
        Vector vector = new Vector();
        while (engineGetCertificate != null) {
            X509Certificate x509Certificate = (X509Certificate) engineGetCertificate;
            Certificate certificate = null;
            byte[] extensionValue = x509Certificate.getExtensionValue(Extension.l0u.lf());
            if (extensionValue != null && null != (lI = AuthorityKeyIdentifier.lI(ASN1OctetString.lI((Object) extensionValue).lt()).lI())) {
                certificate = (Certificate) this.l13v.get(new CertId(lI));
            }
            if (certificate == null) {
                Principal issuerDN = x509Certificate.getIssuerDN();
                if (!issuerDN.equals(x509Certificate.getSubjectDN())) {
                    Enumeration keys = this.l13v.keys();
                    while (keys.hasMoreElements()) {
                        X509Certificate x509Certificate2 = (X509Certificate) this.l13v.get(keys.nextElement());
                        if (x509Certificate2.getSubjectDN().equals(issuerDN)) {
                            try {
                                x509Certificate.verify(x509Certificate2.getPublicKey());
                                certificate = x509Certificate2;
                                break;
                            } catch (Exception e) {
                            }
                        }
                    }
                }
            }
            if (vector.contains(engineGetCertificate)) {
                engineGetCertificate = null;
            } else {
                vector.addElement(engineGetCertificate);
                engineGetCertificate = certificate != engineGetCertificate ? certificate : null;
            }
        }
        Certificate[] certificateArr = new Certificate[vector.size()];
        for (int i = 0; i != certificateArr.length; i++) {
            certificateArr[i] = (Certificate) vector.elementAt(i);
        }
        return certificateArr;
    }

    @Override // java.security.KeyStoreSpi
    public Date engineGetCreationDate(String str) {
        if (str == null) {
            throw new NullPointerException("alias == null");
        }
        if (this.l13if.lf(str) == null && this.l13t.lf(str) == null) {
            return null;
        }
        return new Date();
    }

    @Override // java.security.KeyStoreSpi
    public Key engineGetKey(String str, char[] cArr) throws NoSuchAlgorithmException, UnrecoverableKeyException {
        if (str == null) {
            throw new IllegalArgumentException("null alias passed to getKey.");
        }
        return (Key) this.l13if.lf(str);
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineIsCertificateEntry(String str) {
        return this.l13t.lf(str) != null && this.l13if.lf(str) == null;
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineIsKeyEntry(String str) {
        return this.l13if.lf(str) != null;
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetCertificateEntry(String str, Certificate certificate) throws KeyStoreException {
        if (this.l13if.lf(str) != null) {
            throw new KeyStoreException("There is a key entry with the name " + str + ".");
        }
        this.l13t.lI(str, certificate);
        this.l13v.put(new CertId(certificate.getPublicKey()), certificate);
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) throws KeyStoreException {
        throw new RuntimeException("operation not supported");
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) throws KeyStoreException {
        if (!(key instanceof PrivateKey)) {
            throw new KeyStoreException("PKCS12 does not support non-PrivateKeys");
        }
        if ((key instanceof PrivateKey) && certificateArr == null) {
            throw new KeyStoreException("no certificate chain for private key");
        }
        if (this.l13if.lf(str) != null) {
            engineDeleteEntry(str);
        }
        this.l13if.lI(str, key);
        if (certificateArr != null) {
            this.l13t.lI(str, certificateArr[0]);
            for (int i = 0; i != certificateArr.length; i++) {
                this.l13v.put(new CertId(certificateArr[i].getPublicKey()), certificateArr[i]);
            }
        }
    }

    @Override // java.security.KeyStoreSpi
    public int engineSize() {
        Hashtable hashtable = new Hashtable();
        Enumeration lI = this.l13t.lI();
        while (lI.hasMoreElements()) {
            hashtable.put(lI.nextElement(), "cert");
        }
        Enumeration lI2 = this.l13if.lI();
        while (lI2.hasMoreElements()) {
            String str = (String) lI2.nextElement();
            if (hashtable.get(str) == null) {
                hashtable.put(str, "key");
            }
        }
        return hashtable.size();
    }

    protected PrivateKey lI(AlgorithmIdentifier algorithmIdentifier, byte[] bArr, char[] cArr, boolean z) throws IOException {
        ASN1ObjectIdentifier lI = algorithmIdentifier.lI();
        try {
            if (!lI.lI(PKCSObjectIdentifiers.l11t)) {
                if (lI.lf(PKCSObjectIdentifiers.l1t)) {
                    return (PrivateKey) lI(4, cArr, algorithmIdentifier).unwrap(bArr, "", 2);
                }
                throw new IOException("exception unwrapping private key - cannot recognise: " + lI);
            }
            PKCS12PBEParams lI2 = PKCS12PBEParams.lI(algorithmIdentifier.lf());
            PBEParameterSpec pBEParameterSpec = new PBEParameterSpec(lI2.lf(), lI(lI2.lI()));
            Cipher lI3 = this.l12y.lI(lI.lf());
            lI3.init(4, new PKCS12Key(cArr, z), pBEParameterSpec);
            return (PrivateKey) lI3.unwrap(bArr, "", 2);
        } catch (Exception e) {
            throw new IOException("exception unwrapping private key - " + e.toString());
        }
    }

    protected byte[] lI(String str, Key key, PKCS12PBEParams pKCS12PBEParams, char[] cArr) throws IOException {
        PBEKeySpec pBEKeySpec = new PBEKeySpec(cArr);
        try {
            SecretKeyFactory le = this.l12y.le(str);
            PBEParameterSpec pBEParameterSpec = new PBEParameterSpec(pKCS12PBEParams.lf(), pKCS12PBEParams.lI().intValue());
            Cipher lI = this.l12y.lI(str);
            lI.init(3, le.generateSecret(pBEKeySpec), pBEParameterSpec);
            return lI.wrap(key);
        } catch (Exception e) {
            throw new IOException("exception encrypting data - " + e.toString());
        }
    }

    protected byte[] lI(boolean z, AlgorithmIdentifier algorithmIdentifier, char[] cArr, boolean z2, byte[] bArr) throws IOException {
        ASN1ObjectIdentifier lI = algorithmIdentifier.lI();
        int i = z ? 1 : 2;
        if (!lI.lI(PKCSObjectIdentifiers.l11t)) {
            if (!lI.lf(PKCSObjectIdentifiers.l1t)) {
                throw new IOException("unknown PBE algorithm: " + lI);
            }
            try {
                return lI(i, cArr, algorithmIdentifier).doFinal(bArr);
            } catch (Exception e) {
                throw new IOException("exception decrypting data - " + e.toString());
            }
        }
        PKCS12PBEParams lI2 = PKCS12PBEParams.lI(algorithmIdentifier.lf());
        try {
            PBEParameterSpec pBEParameterSpec = new PBEParameterSpec(lI2.lf(), lI2.lI().intValue());
            PKCS12Key pKCS12Key = new PKCS12Key(cArr, z2);
            Cipher lI3 = this.l12y.lI(lI.lf());
            lI3.init(i, pKCS12Key, pBEParameterSpec);
            return lI3.doFinal(bArr);
        } catch (Exception e2) {
            throw new IOException("exception decrypting data - " + e2.toString());
        }
    }

    private Cipher lI(int i, char[] cArr, AlgorithmIdentifier algorithmIdentifier) throws NoSuchAlgorithmException, InvalidKeySpecException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException, NoSuchProviderException {
        PBES2Parameters lI = PBES2Parameters.lI(algorithmIdentifier.lf());
        PBKDF2Params lI2 = PBKDF2Params.lI(lI.lI().lf());
        AlgorithmIdentifier lI3 = AlgorithmIdentifier.lI(lI.lf());
        SecretKeyFactory le = this.l12y.le(lI.lI().lI().lf());
        SecretKey generateSecret = lI2.lt() ? le.generateSecret(new PBEKeySpec(cArr, lI2.lI(), lI(lI2.lf()), l12f.lI(lI3))) : le.generateSecret(new PBKDF2KeySpec(cArr, lI2.lI(), lI(lI2.lf()), l12f.lI(lI3), lI2.lb()));
        Cipher lI4 = this.l12y.lI(lI.lf().lI().lf());
        ASN1Encodable lf = lI.lf().lf();
        if (lf instanceof ASN1OctetString) {
            lI4.init(i, generateSecret, new IvParameterSpec(ASN1OctetString.lI((Object) lf).lt()));
        } else {
            GOST28147Parameters lI5 = GOST28147Parameters.lI(lf);
            lI4.init(i, generateSecret, new GOST28147ParameterSpec(lI5.lI(), lI5.lf()));
        }
        return lI4;
    }

    @Override // java.security.KeyStoreSpi
    public void engineLoad(KeyStore.LoadStoreParameter loadStoreParameter) throws IOException, NoSuchAlgorithmException, CertificateException {
        if (loadStoreParameter == null) {
            engineLoad(null, null);
        } else {
            if (!(loadStoreParameter instanceof BCLoadStoreParameter)) {
                throw new IllegalArgumentException("no support for 'param' of type " + loadStoreParameter.getClass().getName());
            }
            engineLoad(((BCLoadStoreParameter) loadStoreParameter).lh(), ParameterUtil.lI(loadStoreParameter));
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v357, types: [org.bouncycastle.asn1.ASN1Primitive] */
    /* JADX WARN: Type inference failed for: r0v50, types: [java.security.cert.Certificate, java.lang.Object] */
    /* JADX WARN: Type inference failed for: r0v62, types: [org.bouncycastle.jcajce.provider.keystore.pkcs12.PKCS12KeyStoreSpi$IgnoresCaseHashtable] */
    @Override // java.security.KeyStoreSpi
    public void engineLoad(InputStream inputStream, char[] cArr) throws IOException {
        if (inputStream == null) {
            return;
        }
        BufferedInputStream bufferedInputStream = new BufferedInputStream(inputStream);
        bufferedInputStream.mark(10);
        int read = bufferedInputStream.read();
        if (read < 0) {
            throw new EOFException("no data in keystore stream");
        }
        if (read != 48) {
            throw new IOException("stream does not represent a PKCS12 key store");
        }
        bufferedInputStream.reset();
        try {
            Pfx lI = Pfx.lI(new ASN1InputStream(bufferedInputStream).lj());
            ContentInfo lI2 = lI.lI();
            Vector vector = new Vector();
            boolean z = false;
            boolean z2 = false;
            if (lI.lf() != null) {
                if (cArr == null) {
                    throw new NullPointerException("no password supplied when one expected");
                }
                MacData lf = lI.lf();
                DigestInfo lI3 = lf.lI();
                this.l13y = lI3.lI();
                byte[] lf2 = lf.lf();
                this.l13n = lI(lf.lj());
                this.l13k = lf2.length;
                byte[] lt = ((ASN1OctetString) lI2.lf()).lt();
                try {
                    byte[] lI4 = lI(this.l13y.lI(), lf2, this.l13n, cArr, false, lt);
                    byte[] lf3 = lI3.lf();
                    if (!Arrays.lf(lI4, lf3)) {
                        if (cArr.length > 0) {
                            throw new IOException("PKCS12 key store mac invalid - wrong password or corrupted file.");
                        }
                        if (!Arrays.lf(lI(this.l13y.lI(), lf2, this.l13n, cArr, true, lt), lf3)) {
                            throw new IOException("PKCS12 key store mac invalid - wrong password or corrupted file.");
                        }
                        z2 = true;
                    }
                } catch (IOException e) {
                    throw e;
                } catch (Exception e2) {
                    throw new IOException("error constructing MAC: " + e2.toString());
                }
            } else if (cArr != null && cArr.length != 0 && !Properties.lI("org.bouncycastle.pkcs12.ignore_useless_passwd")) {
                throw new IOException("password supplied for keystore that does not require one");
            }
            this.l13if = new IgnoresCaseHashtable();
            this.l13l = new IgnoresCaseHashtable();
            if (lI2.lI().lf(l2y)) {
                ContentInfo[] lI5 = AuthenticatedSafe.lI(ASN1OctetString.lI((Object) lI2.lf()).lt()).lI();
                for (int i = 0; i != lI5.length; i++) {
                    if (lI5[i].lI().lf(l2y)) {
                        ASN1Sequence lI6 = ASN1Sequence.lI(ASN1OctetString.lI((Object) lI5[i].lf()).lt());
                        for (int i2 = 0; i2 != lI6.ld(); i2++) {
                            SafeBag lI7 = SafeBag.lI(lI6.lI(i2));
                            if (lI7.lI().lf(l10n)) {
                                EncryptedPrivateKeyInfo lI8 = EncryptedPrivateKeyInfo.lI(lI7.lf());
                                PrivateKey lI9 = lI(lI8.lI(), lI8.lf(), cArr, z2);
                                String str = null;
                                ASN1OctetString aSN1OctetString = null;
                                if (lI7.lj() != null) {
                                    Enumeration lf4 = lI7.lj().lf();
                                    while (lf4.hasMoreElements()) {
                                        ASN1Sequence aSN1Sequence = (ASN1Sequence) lf4.nextElement();
                                        ASN1ObjectIdentifier aSN1ObjectIdentifier = (ASN1ObjectIdentifier) aSN1Sequence.lI(0);
                                        ASN1Set aSN1Set = (ASN1Set) aSN1Sequence.lI(1);
                                        ASN1OctetString aSN1OctetString2 = null;
                                        if (aSN1Set.lj() > 0) {
                                            aSN1OctetString2 = (ASN1Primitive) aSN1Set.lI(0);
                                            if (lI9 instanceof PKCS12BagAttributeCarrier) {
                                                PKCS12BagAttributeCarrier pKCS12BagAttributeCarrier = (PKCS12BagAttributeCarrier) lI9;
                                                ASN1Encodable lI10 = pKCS12BagAttributeCarrier.lI(aSN1ObjectIdentifier);
                                                if (lI10 == null) {
                                                    pKCS12BagAttributeCarrier.lI(aSN1ObjectIdentifier, aSN1OctetString2);
                                                } else if (!lI10.ly().lf(aSN1OctetString2)) {
                                                    throw new IOException("attempt to add existing attribute with different value");
                                                }
                                            }
                                        }
                                        if (aSN1ObjectIdentifier.lf(l4u)) {
                                            str = ((ASN1BMPString) aSN1OctetString2).lf();
                                            this.l13if.lI(str, lI9);
                                        } else if (aSN1ObjectIdentifier.lf(l4j)) {
                                            aSN1OctetString = aSN1OctetString2;
                                        }
                                    }
                                }
                                if (aSN1OctetString != null) {
                                    String str2 = new String(Hex.lf(aSN1OctetString.lt()));
                                    if (str == null) {
                                        this.l13if.lI(str2, lI9);
                                    } else {
                                        this.l13l.lI(str, str2);
                                    }
                                } else {
                                    z = true;
                                    this.l13if.lI("unmarked", lI9);
                                }
                            } else if (lI7.lI().lf(l10k)) {
                                vector.addElement(lI7);
                            } else {
                                System.out.println("extra in data " + lI7.lI());
                                System.out.println(ASN1Dump.lI(lI7));
                            }
                        }
                    } else if (lI5[i].lI().lf(l3l)) {
                        EncryptedData lI11 = EncryptedData.lI(lI5[i].lf());
                        ASN1Sequence lI12 = ASN1Sequence.lI(lI(false, lI11.lf(), cArr, z2, lI11.lj().lt()));
                        for (int i3 = 0; i3 != lI12.ld(); i3++) {
                            SafeBag lI13 = SafeBag.lI(lI12.lI(i3));
                            if (lI13.lI().lf(l10k)) {
                                vector.addElement(lI13);
                            } else if (lI13.lI().lf(l10n)) {
                                EncryptedPrivateKeyInfo lI14 = EncryptedPrivateKeyInfo.lI(lI13.lf());
                                PrivateKey lI15 = lI(lI14.lI(), lI14.lf(), cArr, z2);
                                PKCS12BagAttributeCarrier pKCS12BagAttributeCarrier2 = (PKCS12BagAttributeCarrier) lI15;
                                String str3 = null;
                                ASN1OctetString aSN1OctetString3 = null;
                                Enumeration lf5 = lI13.lj().lf();
                                while (lf5.hasMoreElements()) {
                                    ASN1Sequence aSN1Sequence2 = (ASN1Sequence) lf5.nextElement();
                                    ASN1ObjectIdentifier aSN1ObjectIdentifier2 = (ASN1ObjectIdentifier) aSN1Sequence2.lI(0);
                                    ASN1Set aSN1Set2 = (ASN1Set) aSN1Sequence2.lI(1);
                                    ASN1Primitive aSN1Primitive = null;
                                    if (aSN1Set2.lj() > 0) {
                                        aSN1Primitive = (ASN1Primitive) aSN1Set2.lI(0);
                                        ASN1Encodable lI16 = pKCS12BagAttributeCarrier2.lI(aSN1ObjectIdentifier2);
                                        if (lI16 == null) {
                                            pKCS12BagAttributeCarrier2.lI(aSN1ObjectIdentifier2, aSN1Primitive);
                                        } else if (!lI16.ly().lf(aSN1Primitive)) {
                                            throw new IOException("attempt to add existing attribute with different value");
                                        }
                                    }
                                    if (aSN1ObjectIdentifier2.lf(l4u)) {
                                        str3 = ((ASN1BMPString) aSN1Primitive).lf();
                                        this.l13if.lI(str3, lI15);
                                    } else if (aSN1ObjectIdentifier2.lf(l4j)) {
                                        aSN1OctetString3 = (ASN1OctetString) aSN1Primitive;
                                    }
                                }
                                String str4 = new String(Hex.lf(aSN1OctetString3.lt()));
                                if (str3 == null) {
                                    this.l13if.lI(str4, lI15);
                                } else {
                                    this.l13l.lI(str3, str4);
                                }
                            } else if (lI13.lI().lf(l10y)) {
                                PrivateKey lI17 = BouncyCastleProvider.lI(PrivateKeyInfo.lI(lI13.lf()));
                                PKCS12BagAttributeCarrier pKCS12BagAttributeCarrier3 = (PKCS12BagAttributeCarrier) lI17;
                                String str5 = null;
                                ASN1OctetString aSN1OctetString4 = null;
                                Enumeration lf6 = lI13.lj().lf();
                                while (lf6.hasMoreElements()) {
                                    ASN1Sequence lI18 = ASN1Sequence.lI(lf6.nextElement());
                                    ASN1ObjectIdentifier lI19 = ASN1ObjectIdentifier.lI((Object) lI18.lI(0));
                                    ASN1Set lI20 = ASN1Set.lI((Object) lI18.lI(1));
                                    if (lI20.lj() > 0) {
                                        ASN1Primitive aSN1Primitive2 = (ASN1Primitive) lI20.lI(0);
                                        ASN1Encodable lI21 = pKCS12BagAttributeCarrier3.lI(lI19);
                                        if (lI21 == null) {
                                            pKCS12BagAttributeCarrier3.lI(lI19, aSN1Primitive2);
                                        } else if (!lI21.ly().lf(aSN1Primitive2)) {
                                            throw new IOException("attempt to add existing attribute with different value");
                                        }
                                        if (lI19.lf(l4u)) {
                                            str5 = ((ASN1BMPString) aSN1Primitive2).lf();
                                            this.l13if.lI(str5, lI17);
                                        } else if (lI19.lf(l4j)) {
                                            aSN1OctetString4 = (ASN1OctetString) aSN1Primitive2;
                                        }
                                    }
                                }
                                String str6 = new String(Hex.lf(aSN1OctetString4.lt()));
                                if (str5 == null) {
                                    this.l13if.lI(str6, lI17);
                                } else {
                                    this.l13l.lI(str5, str6);
                                }
                            } else {
                                System.out.println("extra in encryptedData " + lI13.lI());
                                System.out.println(ASN1Dump.lI(lI13));
                            }
                        }
                    } else {
                        System.out.println("extra " + lI5[i].lI().lf());
                        System.out.println("extra " + ASN1Dump.lI(lI5[i].lf()));
                    }
                }
            }
            this.l13t = new IgnoresCaseHashtable();
            this.l13v = new Hashtable();
            this.l13p = new Hashtable();
            for (int i4 = 0; i4 != vector.size(); i4++) {
                SafeBag safeBag = (SafeBag) vector.elementAt(i4);
                CertBag lI22 = CertBag.lI(safeBag.lf());
                if (!lI22.lI().lf(l4n)) {
                    throw new RuntimeException("Unsupported certificate type: " + lI22.lI());
                }
                try {
                    ?? generateCertificate = this.l13u.generateCertificate(new ByteArrayInputStream(((ASN1OctetString) lI22.lf()).lt()));
                    ASN1OctetString aSN1OctetString5 = null;
                    String str7 = null;
                    if (safeBag.lj() != null) {
                        Enumeration lf7 = safeBag.lj().lf();
                        while (lf7.hasMoreElements()) {
                            ASN1Sequence lI23 = ASN1Sequence.lI(lf7.nextElement());
                            ASN1ObjectIdentifier lI24 = ASN1ObjectIdentifier.lI((Object) lI23.lI(0));
                            ASN1Set lI25 = ASN1Set.lI((Object) lI23.lI(1));
                            if (lI25.lj() > 0) {
                                ASN1Primitive aSN1Primitive3 = (ASN1Primitive) lI25.lI(0);
                                if (generateCertificate instanceof PKCS12BagAttributeCarrier) {
                                    PKCS12BagAttributeCarrier pKCS12BagAttributeCarrier4 = (PKCS12BagAttributeCarrier) generateCertificate;
                                    ASN1Encodable lI26 = pKCS12BagAttributeCarrier4.lI(lI24);
                                    if (lI26 != null) {
                                        if (lI24.lf(l4j)) {
                                            String lI27 = Hex.lI(((ASN1OctetString) aSN1Primitive3).lt());
                                            if (!this.l13if.lf.containsKey(lI27) && !this.l13l.lf.containsKey(lI27)) {
                                            }
                                        }
                                        if (!lI26.ly().lf(aSN1Primitive3)) {
                                            throw new IOException("attempt to add existing attribute with different value");
                                        }
                                    } else if (lI25.lj() > 1) {
                                        pKCS12BagAttributeCarrier4.lI(lI24, lI25);
                                    } else {
                                        pKCS12BagAttributeCarrier4.lI(lI24, aSN1Primitive3);
                                    }
                                }
                                if (lI24.lf(l4u)) {
                                    str7 = ((ASN1BMPString) aSN1Primitive3).lf();
                                } else if (lI24.lf(l4j)) {
                                    aSN1OctetString5 = (ASN1OctetString) aSN1Primitive3;
                                }
                            }
                        }
                    }
                    this.l13v.put(new CertId(generateCertificate.getPublicKey()), generateCertificate);
                    if (!z) {
                        if (aSN1OctetString5 != null) {
                            this.l13p.put(new String(Hex.lf(aSN1OctetString5.lt())), generateCertificate);
                        }
                        if (str7 != null) {
                            this.l13t.lI(str7, generateCertificate);
                        }
                    } else if (this.l13p.isEmpty()) {
                        String str8 = new String(Hex.lf(lI(generateCertificate.getPublicKey()).lI()));
                        this.l13p.put(str8, generateCertificate);
                        this.l13if.lI(str8, this.l13if.lI("unmarked"));
                    }
                } catch (Exception e3) {
                    throw new RuntimeException(e3.toString());
                }
            }
        } catch (Exception e4) {
            throw new IOException(e4.getMessage());
        }
    }

    private int lI(BigInteger bigInteger) {
        int intValue = bigInteger.intValue();
        if (intValue < 0) {
            throw new IllegalStateException("negative iteration count found");
        }
        BigInteger lj = Properties.lj(l11k);
        if (lj == null || lj.intValue() >= intValue) {
            return intValue;
        }
        throw new IllegalStateException("iteration count " + intValue + " greater than " + lj.intValue());
    }

    @Override // java.security.KeyStoreSpi
    public void engineStore(KeyStore.LoadStoreParameter loadStoreParameter) throws IOException, NoSuchAlgorithmException, CertificateException {
        char[] password;
        if (loadStoreParameter == null) {
            throw new IllegalArgumentException("'param' arg cannot be null");
        }
        if (!(loadStoreParameter instanceof PKCS12StoreParameter) && !(loadStoreParameter instanceof JDKPKCS12StoreParameter)) {
            throw new IllegalArgumentException("No support for 'param' of type " + loadStoreParameter.getClass().getName());
        }
        PKCS12StoreParameter pKCS12StoreParameter = loadStoreParameter instanceof PKCS12StoreParameter ? (PKCS12StoreParameter) loadStoreParameter : new PKCS12StoreParameter(((JDKPKCS12StoreParameter) loadStoreParameter).lI(), loadStoreParameter.getProtectionParameter(), ((JDKPKCS12StoreParameter) loadStoreParameter).lf());
        KeyStore.ProtectionParameter protectionParameter = loadStoreParameter.getProtectionParameter();
        if (protectionParameter == null) {
            password = null;
        } else {
            if (!(protectionParameter instanceof KeyStore.PasswordProtection)) {
                throw new IllegalArgumentException("No support for protection parameter of type " + protectionParameter.getClass().getName());
            }
            password = ((KeyStore.PasswordProtection) protectionParameter).getPassword();
        }
        lI(pKCS12StoreParameter.lI(), password, pKCS12StoreParameter.lf());
    }

    @Override // java.security.KeyStoreSpi
    public void engineStore(OutputStream outputStream, char[] cArr) throws IOException {
        lI(outputStream, cArr, false);
    }

    /* JADX WARN: Multi-variable type inference failed */
    private void lI(OutputStream outputStream, char[] cArr, boolean z) throws IOException {
        if (this.l13if.lj() == 0) {
            if (cArr == null) {
                Enumeration lI = this.l13t.lI();
                ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
                while (lI.hasMoreElements()) {
                    try {
                        String str = (String) lI.nextElement();
                        aSN1EncodableVector.lI(lI(str, (Certificate) this.l13t.lf(str)));
                    } catch (CertificateEncodingException e) {
                        throw new IOException("Error encoding certificate: " + e.toString());
                    }
                }
                if (z) {
                    new Pfx(new ContentInfo(PKCSObjectIdentifiers.l2y, new DEROctetString(new DERSequence(new ContentInfo(PKCSObjectIdentifiers.l2y, new DEROctetString(new DERSequence(aSN1EncodableVector).l0if()))).l0if())), null).lI(outputStream, ASN1Encoding.lI);
                    return;
                } else {
                    new Pfx(new ContentInfo(PKCSObjectIdentifiers.l2y, new BEROctetString(new BERSequence(new ContentInfo(PKCSObjectIdentifiers.l2y, new BEROctetString(new BERSequence(aSN1EncodableVector).l0if()))).l0if())), null).lI(outputStream, ASN1Encoding.lj);
                    return;
                }
            }
        } else if (cArr == null) {
            throw new NullPointerException("no password supplied for PKCS#12 KeyStore");
        }
        ASN1EncodableVector aSN1EncodableVector2 = new ASN1EncodableVector();
        Enumeration lI2 = this.l13if.lI();
        while (lI2.hasMoreElements()) {
            byte[] bArr = new byte[20];
            this.l12h.nextBytes(bArr);
            String str2 = (String) lI2.nextElement();
            PrivateKey privateKey = (PrivateKey) this.l13if.lf(str2);
            PKCS12PBEParams pKCS12PBEParams = new PKCS12PBEParams(bArr, l12k);
            EncryptedPrivateKeyInfo encryptedPrivateKeyInfo = new EncryptedPrivateKeyInfo(new AlgorithmIdentifier(this.l13j, pKCS12PBEParams.ly()), lI(this.l13j.lf(), privateKey, pKCS12PBEParams, cArr));
            boolean z2 = false;
            ASN1EncodableVector aSN1EncodableVector3 = new ASN1EncodableVector();
            if (privateKey instanceof PKCS12BagAttributeCarrier) {
                PKCS12BagAttributeCarrier pKCS12BagAttributeCarrier = (PKCS12BagAttributeCarrier) privateKey;
                ASN1BMPString aSN1BMPString = (ASN1BMPString) pKCS12BagAttributeCarrier.lI(l4u);
                if (aSN1BMPString == null || !aSN1BMPString.lf().equals(str2)) {
                    pKCS12BagAttributeCarrier.lI(l4u, new DERBMPString(str2));
                }
                if (pKCS12BagAttributeCarrier.lI(l4j) == null) {
                    pKCS12BagAttributeCarrier.lI(l4j, lI(engineGetCertificate(str2).getPublicKey()));
                }
                Enumeration lf = pKCS12BagAttributeCarrier.lf();
                while (lf.hasMoreElements()) {
                    ASN1ObjectIdentifier aSN1ObjectIdentifier = (ASN1ObjectIdentifier) lf.nextElement();
                    ASN1EncodableVector aSN1EncodableVector4 = new ASN1EncodableVector();
                    aSN1EncodableVector4.lI(aSN1ObjectIdentifier);
                    aSN1EncodableVector4.lI(new DERSet(pKCS12BagAttributeCarrier.lI(aSN1ObjectIdentifier)));
                    z2 = true;
                    aSN1EncodableVector3.lI(new DERSequence(aSN1EncodableVector4));
                }
            }
            if (!z2) {
                ASN1EncodableVector aSN1EncodableVector5 = new ASN1EncodableVector();
                Certificate engineGetCertificate = engineGetCertificate(str2);
                aSN1EncodableVector5.lI(l4j);
                aSN1EncodableVector5.lI(new DERSet(lI(engineGetCertificate.getPublicKey())));
                aSN1EncodableVector3.lI(new DERSequence(aSN1EncodableVector5));
                ASN1EncodableVector aSN1EncodableVector6 = new ASN1EncodableVector();
                aSN1EncodableVector6.lI(l4u);
                aSN1EncodableVector6.lI(new DERSet(new DERBMPString(str2)));
                aSN1EncodableVector3.lI(new DERSequence(aSN1EncodableVector6));
            }
            aSN1EncodableVector2.lI(new SafeBag(l10n, encryptedPrivateKeyInfo.ly(), new DERSet(aSN1EncodableVector3)));
        }
        BEROctetString bEROctetString = new BEROctetString(new DERSequence(aSN1EncodableVector2).lf(ASN1Encoding.lI));
        byte[] bArr2 = new byte[20];
        this.l12h.nextBytes(bArr2);
        ASN1EncodableVector aSN1EncodableVector7 = new ASN1EncodableVector();
        AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(this.l13h, new PKCS12PBEParams(bArr2, l12k).ly());
        Hashtable hashtable = new Hashtable();
        Enumeration lI3 = this.l13if.lI();
        while (lI3.hasMoreElements()) {
            try {
                String str3 = (String) lI3.nextElement();
                Certificate engineGetCertificate2 = engineGetCertificate(str3);
                boolean z3 = false;
                CertBag certBag = new CertBag(l4n, new DEROctetString(engineGetCertificate2.getEncoded()));
                ASN1EncodableVector aSN1EncodableVector8 = new ASN1EncodableVector();
                if (engineGetCertificate2 instanceof PKCS12BagAttributeCarrier) {
                    PKCS12BagAttributeCarrier pKCS12BagAttributeCarrier2 = (PKCS12BagAttributeCarrier) engineGetCertificate2;
                    ASN1BMPString aSN1BMPString2 = (ASN1BMPString) pKCS12BagAttributeCarrier2.lI(l4u);
                    if (aSN1BMPString2 == null || !aSN1BMPString2.lf().equals(str3)) {
                        pKCS12BagAttributeCarrier2.lI(l4u, new DERBMPString(str3));
                    }
                    if (pKCS12BagAttributeCarrier2.lI(l4j) == null) {
                        pKCS12BagAttributeCarrier2.lI(l4j, lI(engineGetCertificate2.getPublicKey()));
                    }
                    Enumeration lf2 = pKCS12BagAttributeCarrier2.lf();
                    while (lf2.hasMoreElements()) {
                        ASN1ObjectIdentifier aSN1ObjectIdentifier2 = (ASN1ObjectIdentifier) lf2.nextElement();
                        ASN1EncodableVector aSN1EncodableVector9 = new ASN1EncodableVector();
                        aSN1EncodableVector9.lI(aSN1ObjectIdentifier2);
                        aSN1EncodableVector9.lI(new DERSet(pKCS12BagAttributeCarrier2.lI(aSN1ObjectIdentifier2)));
                        aSN1EncodableVector8.lI(new DERSequence(aSN1EncodableVector9));
                        z3 = true;
                    }
                }
                if (!z3) {
                    ASN1EncodableVector aSN1EncodableVector10 = new ASN1EncodableVector();
                    aSN1EncodableVector10.lI(l4j);
                    aSN1EncodableVector10.lI(new DERSet(lI(engineGetCertificate2.getPublicKey())));
                    aSN1EncodableVector8.lI(new DERSequence(aSN1EncodableVector10));
                    ASN1EncodableVector aSN1EncodableVector11 = new ASN1EncodableVector();
                    aSN1EncodableVector11.lI(l4u);
                    aSN1EncodableVector11.lI(new DERSet(new DERBMPString(str3)));
                    aSN1EncodableVector8.lI(new DERSequence(aSN1EncodableVector11));
                }
                aSN1EncodableVector7.lI(new SafeBag(l10k, certBag.ly(), new DERSet(aSN1EncodableVector8)));
                hashtable.put(engineGetCertificate2, engineGetCertificate2);
            } catch (CertificateEncodingException e2) {
                throw new IOException("Error encoding certificate: " + e2.toString());
            }
        }
        Enumeration lI4 = this.l13t.lI();
        while (lI4.hasMoreElements()) {
            try {
                String str4 = (String) lI4.nextElement();
                Certificate certificate = (Certificate) this.l13t.lf(str4);
                if (this.l13if.lf(str4) == null) {
                    aSN1EncodableVector7.lI(lI(str4, certificate));
                    hashtable.put(certificate, certificate);
                }
            } catch (CertificateEncodingException e3) {
                throw new IOException("Error encoding certificate: " + e3.toString());
            }
        }
        Set lI5 = lI();
        Enumeration keys = this.l13v.keys();
        while (keys.hasMoreElements()) {
            try {
                Certificate certificate2 = (Certificate) this.l13v.get((CertId) keys.nextElement());
                if (lI5.contains(certificate2) && hashtable.get(certificate2) == null) {
                    CertBag certBag2 = new CertBag(l4n, new DEROctetString(certificate2.getEncoded()));
                    ASN1EncodableVector aSN1EncodableVector12 = new ASN1EncodableVector();
                    if (certificate2 instanceof PKCS12BagAttributeCarrier) {
                        PKCS12BagAttributeCarrier pKCS12BagAttributeCarrier3 = (PKCS12BagAttributeCarrier) certificate2;
                        Enumeration lf3 = pKCS12BagAttributeCarrier3.lf();
                        while (lf3.hasMoreElements()) {
                            ASN1ObjectIdentifier aSN1ObjectIdentifier3 = (ASN1ObjectIdentifier) lf3.nextElement();
                            if (!aSN1ObjectIdentifier3.lf(PKCSObjectIdentifiers.l4j)) {
                                ASN1EncodableVector aSN1EncodableVector13 = new ASN1EncodableVector();
                                aSN1EncodableVector13.lI(aSN1ObjectIdentifier3);
                                aSN1EncodableVector13.lI(new DERSet(pKCS12BagAttributeCarrier3.lI(aSN1ObjectIdentifier3)));
                                aSN1EncodableVector12.lI(new DERSequence(aSN1EncodableVector13));
                            }
                        }
                    }
                    aSN1EncodableVector7.lI(new SafeBag(l10k, certBag2.ly(), new DERSet(aSN1EncodableVector12)));
                }
            } catch (CertificateEncodingException e4) {
                throw new IOException("Error encoding certificate: " + e4.toString());
            }
        }
        ContentInfo contentInfo = new ContentInfo(l2y, new BEROctetString(new AuthenticatedSafe(new ContentInfo[]{new ContentInfo(l2y, bEROctetString), new ContentInfo(l3l, new EncryptedData(l2y, algorithmIdentifier, new BEROctetString(lI(true, algorithmIdentifier, cArr, false, new DERSequence(aSN1EncodableVector7).lf(ASN1Encoding.lI)))).ly())}).lf(z ? ASN1Encoding.lI : ASN1Encoding.lj)));
        byte[] bArr3 = new byte[this.l13k];
        this.l12h.nextBytes(bArr3);
        try {
            new Pfx(contentInfo, new MacData(new DigestInfo(this.l13y, lI(this.l13y.lI(), bArr3, this.l13n, cArr, false, ((ASN1OctetString) contentInfo.lf()).lt())), bArr3, this.l13n)).lI(outputStream, z ? ASN1Encoding.lI : ASN1Encoding.lj);
        } catch (Exception e5) {
            throw new IOException("error constructing MAC: " + e5.toString());
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    private SafeBag lI(String str, Certificate certificate) throws CertificateEncodingException {
        CertBag certBag = new CertBag(l4n, new DEROctetString(certificate.getEncoded()));
        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        boolean z = false;
        if (certificate instanceof PKCS12BagAttributeCarrier) {
            PKCS12BagAttributeCarrier pKCS12BagAttributeCarrier = (PKCS12BagAttributeCarrier) certificate;
            ASN1BMPString aSN1BMPString = (ASN1BMPString) pKCS12BagAttributeCarrier.lI(l4u);
            if ((aSN1BMPString == null || !aSN1BMPString.lf().equals(str)) && str != null) {
                pKCS12BagAttributeCarrier.lI(l4u, new DERBMPString(str));
            }
            Enumeration lf = pKCS12BagAttributeCarrier.lf();
            while (lf.hasMoreElements()) {
                ASN1ObjectIdentifier aSN1ObjectIdentifier = (ASN1ObjectIdentifier) lf.nextElement();
                if (!aSN1ObjectIdentifier.lf(PKCSObjectIdentifiers.l4j)) {
                    ASN1EncodableVector aSN1EncodableVector2 = new ASN1EncodableVector();
                    aSN1EncodableVector2.lI(aSN1ObjectIdentifier);
                    aSN1EncodableVector2.lI(new DERSet(pKCS12BagAttributeCarrier.lI(aSN1ObjectIdentifier)));
                    aSN1EncodableVector.lI(new DERSequence(aSN1EncodableVector2));
                    z = true;
                }
            }
        }
        if (!z) {
            ASN1EncodableVector aSN1EncodableVector3 = new ASN1EncodableVector();
            aSN1EncodableVector3.lI(l4u);
            aSN1EncodableVector3.lI(new DERSet(new DERBMPString(str)));
            aSN1EncodableVector.lI(new DERSequence(aSN1EncodableVector3));
        }
        if (certificate instanceof X509Certificate) {
            Extensions lc = TBSCertificate.lI(((X509Certificate) certificate).getTBSCertificate()).lc();
            if (lc != null) {
                Extension lI = lc.lI(Extension.l0h);
                if (lI != null) {
                    ASN1EncodableVector aSN1EncodableVector4 = new ASN1EncodableVector();
                    aSN1EncodableVector4.lI(MiscObjectIdentifiers.l2j);
                    aSN1EncodableVector4.lI(new DERSet(ExtendedKeyUsage.lI(lI.lt()).lI()));
                    aSN1EncodableVector.lI(new DERSequence(aSN1EncodableVector4));
                } else {
                    ASN1EncodableVector aSN1EncodableVector5 = new ASN1EncodableVector();
                    aSN1EncodableVector5.lI(MiscObjectIdentifiers.l2j);
                    aSN1EncodableVector5.lI(new DERSet(KeyPurposeId.lI));
                    aSN1EncodableVector.lI(new DERSequence(aSN1EncodableVector5));
                }
            } else {
                ASN1EncodableVector aSN1EncodableVector6 = new ASN1EncodableVector();
                aSN1EncodableVector6.lI(MiscObjectIdentifiers.l2j);
                aSN1EncodableVector6.lI(new DERSet(KeyPurposeId.lI));
                aSN1EncodableVector.lI(new DERSequence(aSN1EncodableVector6));
            }
        }
        return new SafeBag(l10k, certBag.ly(), new DERSet(aSN1EncodableVector));
    }

    private Set lI() {
        HashSet hashSet = new HashSet();
        Enumeration lI = this.l13if.lI();
        while (lI.hasMoreElements()) {
            Certificate[] engineGetCertificateChain = engineGetCertificateChain((String) lI.nextElement());
            for (int i = 0; i != engineGetCertificateChain.length; i++) {
                hashSet.add(engineGetCertificateChain[i]);
            }
        }
        Enumeration lI2 = this.l13t.lI();
        while (lI2.hasMoreElements()) {
            hashSet.add(engineGetCertificate((String) lI2.nextElement()));
        }
        return hashSet;
    }

    private byte[] lI(ASN1ObjectIdentifier aSN1ObjectIdentifier, byte[] bArr, int i, char[] cArr, boolean z, byte[] bArr2) throws Exception {
        PBEParameterSpec pBEParameterSpec = new PBEParameterSpec(bArr, i);
        Mac lf = this.l12y.lf(aSN1ObjectIdentifier.lf());
        lf.init(new PKCS12Key(cArr, z), pBEParameterSpec);
        lf.update(bArr2);
        return lf.doFinal();
    }
}
